Which of the following is the correct order for searching data on a Windows based system?

Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to
investigate the computer of an employee, who is suspected for classified data theft. Suspect’s
computer runs on Windows operating system. Peter wants to collect data and evidences for
further analysis. He knows that in Windows operating system, the data is searched in pre-defined
steps for proper and efficient analysis. Which of the following is the correct order for searching
data on a Windows based system?

Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to
investigate the computer of an employee, who is suspected for classified data theft. Suspect’s
computer runs on Windows operating system. Peter wants to collect data and evidences for
further analysis. He knows that in Windows operating system, the data is searched in pre-defined
steps for proper and efficient analysis. Which of the following is the correct order for searching
data on a Windows based system?

A.
Volatile data, file slack, registry, system state backup, internet traces, file system, memory
dumps

B.
Volatile data, file slack, registry, memory dumps, file system, system state backup, interne t
traces

C.
Volatile data, file slack, file system, registry, memory dumps, system state backup, interne t
traces

D.
Volatile data, file slack, internet traces, registry, memory dumps, system state backup, file
system

Explanation:



Leave a Reply 0

Your email address will not be published. Required fields are marked *